If you click through to the video in the Click Forensics post, you can see a demonstration of the click fraud working through searches on Google and Yahoo. Size does not frighten scammers when it comes to click fraud; Microsoft is vulnerable to the scam, too. Microsoft filed a click fraud lawsuit against three people earlier this year claiming they made $250,000 in profit off of their online advertising service.

As security professionals, we have to keep an eye on click fraud from two perspectives: first, our Web sites might be vulnerable to it. When there is a will, there is a way, so don't think you are immune. Second, users are our weakest link. They are vulnerable to click fraud and can possibly expose our networks to malware. And click fraud can be an especially tricky area for user error, since end users often see no indication that anything is wrong as they go about their activities -- such as performing searches, in this case.

So how do we defend against click fraud? I offer the following advice:

Use a scoring algorithm to detect and document click fraud. Pay-per-click advertising can be predicted using statistical methods.
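One way such a scoring algorithm could look, as an added example that is not from the original article: each click source is scored on volume relative to its peers, machine-like timing, and absence of conversions, and the reasons are kept so the finding can be documented. The log layout, weights, cut-offs and IP addresses (documentation ranges) are assumptions constructed for illustration.

```python
import statistics
from collections import defaultdict

def build_sample():
    """Constructed click log rows: (source_ip, unix_time, converted)."""
    rows = [("198.51.100.7", 1000 + 5 * i, False) for i in range(12)]  # fixed 5 s cadence
    rows += [("203.0.113.10", 1003, True), ("203.0.113.10", 1450, False),
             ("203.0.113.11", 1010, False), ("203.0.113.11", 1200, False),
             ("203.0.113.11", 2900, False), ("203.0.113.12", 1100, True),
             ("203.0.113.12", 1900, False), ("203.0.113.13", 1020, False),
             ("203.0.113.13", 1700, True), ("203.0.113.13", 2600, False),
             ("203.0.113.14", 1500, False), ("203.0.113.14", 3100, False)]
    return rows

def score_sources(rows, z_cut=3.5, min_clicks=5):
    """Return {source: (score 0-100, [reasons])}; weights and cut-offs are illustrative."""
    by_src = defaultdict(list)
    for src, ts, conv in rows:
        by_src[src].append((ts, conv))
    counts = [len(v) for v in by_src.values()]
    med = statistics.median(counts)
    mad = statistics.median(abs(c - med) for c in counts) or 1.0  # avoid divide-by-zero
    report = {}
    for src, events in by_src.items():
        events.sort()
        score, reasons = 0, []
        z = 0.6745 * (len(events) - med) / mad  # modified z-score, robust to the outlier itself
        if z > z_cut:
            score += 50
            reasons.append(f"volume z={z:.1f}")
        if len(events) >= min_clicks:  # timing and conversion signals need enough clicks
            gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
            mean_gap = statistics.mean(gaps)
            cv = statistics.pstdev(gaps) / mean_gap if mean_gap else 0.0
            if cv < 0.1:  # near-constant spacing between clicks
                score += 30
                reasons.append(f"regular timing cv={cv:.2f}")
            if not any(conv for _, conv in events):
                score += 20
                reasons.append("no conversions")
        report[src] = (score, reasons)
    return report

def flagged(report, threshold=70):
    """Sources whose score meets the review threshold."""
    return sorted(s for s, (score, _) in report.items() if score >= threshold)

if __name__ == "__main__":
    for src, (score, reasons) in sorted(score_sources(build_sample()).items()):
        print(src, score, "; ".join(reasons) or "-")
```

The per-source reasons are what makes the score usable as documentation when disputing charges with an advertising network.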